The U.S. government’s cybersecurity standing (both state and federal) is ranked 16th of 18 industry sectors in a new report published by SecurityScorecard, a firm that helps businesses manage third- and fourth-party risk. This is a very small improvement on the nation’s position last year, which was 18th out of 18, and it still presents a disappointing and dangerous picture of public sector readiness to defend systems against cybercrime and cyber espionage. The report was generated by collecting and analyzing data through the firm’s own data engine, ThreatMarket, which scores organizations across 10 categories such as web applications, network security, and DNS health.

More online services than ever now offer two-step authentication, i.e., requiring customers to complete a login using their phone or other mobile device after supplying a username and password. Because so many services rely on your mobile device for that second factor, there has never been more riding on the security of your mobile account. Click the link for a few tips to ensure your mobile device (or, more specifically, your mobile carrier) isn’t the weakest link in your security chain.

The hazard of unsophisticated and poorly secured Internet of Things devices came to the fore last year with the Mirai DDoS attack, which involved nearly a million bots. Many of these devices remain a threat. Researchers have now proposed an original solution to the problem: use the same vulnerabilities in these devices to inject a ‘white worm’ that secures them. It is an epidemiological approach, creating immunity the way a vaccine does by exposing the immune system to a weakened form of the disease.

Popular department store Kmart had its payment systems infiltrated by cybercriminals last Wednesday, who were able to remotely install malware into the company’s processes. No information has been provided as to which stores were affected or for how long the hackers had access to the firm’s systems, but with over 700 locations, security blogger Brian Krebs estimates that not all stores were affected.

New reports suggest that the majority of security professionals believe they personally will be victimized by DDoS and other attacks stemming from ineptly secured IoT devices. The Ponemon Institute expects vulnerabilities in increasingly common devices to be exploited by cyber attackers.

OneLogin, an SSO and identity management company, has now confirmed that it suffered a serious breach. While its public statement is rather vague, an e-mail to its users states that “customer data was compromised, including the ability to decrypt encrypted data.”

Kaspersky Labs security researchers have revealed that a new botnet malware that emerged in October of last year, Hajime, has been busy ensnaring thousands of IoT devices. This new strain came on the scene around the same time as the Mirai attacks and targets devices in the same way, but has not been seen using them for DDoS.

Popular restaurant chain Chipotle Mexican Grill informed its recent customers on Tuesday that the company’s payment records from its over 2,000 locations may have been breached. With an investigation ongoing, the information being made available to the public is still limited.

App-based game guides, including guides for some of the most popular games, have been used to attack over half a million Android users. Google Play harbors the applications responsible for the malware, with researchers at Check Point reporting that the apps push unwanted ads and cause other issues for users.

New ransomware attacks on end users have been detailed in Symantec’s annual Internet Security Threat Report. The report shows the effects of cyberattacks on their intended victims as well as the growing trend in ransomware attacks, which were up 36% last year.

Kaspersky Labs has recently revealed malware code that is capable of remotely gaining administrative control of ATMs. This was discovered after a Russian bank was targeted by cybercriminals, who used the malware to access several ATMs. The code was not deleted after the theft, however, leaving pieces for researchers to analyze and ascertain how the code was developed.

Talos researchers are now saying that popular and legitimate websites are being used by ‘ROKRAT’ for data exfiltration. Distributed via email, ROKRAT uses an HWP document to target victims in Korea. The phishing attacks feign legitimacy by spoofing a reputable sender’s email address, such as the contact email of the Korea Global Forum in several instances.

DDoS attacks are devastating for victims, cutting off all traffic to their websites, yet they require comparatively few resources from malicious actors. Preventive measures are currently in use by many sites, but they are not always sufficient to protect small and medium-sized firms and other organizations.

The world’s second largest producer of IoT devices, Dahua, has released a software update for gaping security deficiencies in several of its popular products, including DVRs and cameras. These internet-connected gadgets are vulnerable to login bypasses and remote access to various systems. Additionally, code is available online that would allow a single user to exploit massive numbers of these ‘smart’ devices, creating DDoS attack concerns among security researchers.

The stockpiling of zero-day vulnerabilities by various intelligence agencies for use in offensive cyber capabilities is not quite as dangerous as once predicted, says a new RAND study. The study weighs the tactical benefits of retaining such vulnerabilities against the outcomes of public disclosure.

Check Point Software Technologies posted a blog last Friday detailing the installation of malware on several Android devices sold to two firms. The malware was added somewhere along the supply chain and was not part of the official ROM made by the manufacturer. On many of the affected phones the malware sat in the ROM with system privileges, meaning that a complete re-installation of the software is needed to remedy the problem.

“World’s largest Sex and Swinger network users exposed to cybercriminals”

Last month hackers successfully infiltrated AdultFriendFinder, Cams.com, and several other FriendFinder Networks sites, but the user information has yet to be released to the general public. The attack came from a local file inclusion exploit, allowing the hackers to gain access to all of the sites without proper authentication.

A critical out-of-bounds memory access flaw, labeled CVE-2016-7461, was patched by VMware as of Sunday. The vulnerability allowed a guest to execute arbitrary commands on host machines running Fusion or Workstation.

“New DDoS attack technique capable of using one laptop to bring down high-bandwidth firewalls”

A new cyberattack method, referred to as BlackNurse, is capable of sending ICMP packets at rates that overload major systems far more easily than previously observed. Far more CPU resources than normal are required to process the requests these packets carry, creating substantial malfunctions and ping floods.

Dark web hackers were apparently observed boasting online about the ease with which they could steal from Tesco Bank. Many security firms had issued warnings to Tesco, reporting that these hackers referred to the bank as a ‘cash milking cow.’ Despite the bragging, there is no concrete evidence that the user is connected to the breach earlier this month, but the bank’s lack of preparation has raised many concerns about the credibility of its security systems.

On November 3rd, continuous attacks from hijacked IoT devices successfully cut off internet access for thousands of people. Some of the attacks were among the biggest ever seen, and targeted huge web companies such as Spotify, Twitter, and Reddit.

A recent report titled “IoT Goes Nuclear” has outlined problems in Philips Hue smart light bulbs and similar devices that use ZigBee transmissions. Researchers from the Weizmann Institute of Science and Dalhousie University succeeded in hacking the bulbs and controlling them remotely from a separate location. Vulnerabilities like these have led to massive DDoS attacks, such as the October 21st web attack that brought many high-value sites to their knees for several hours.

Cisco has now patched a significant vulnerability in its Prime Home system, a tool that allows a user to manage their smart devices. Before the patch was released, the firm issued an alert that the GUI had a security flaw that could potentially allow remote users to access functions they otherwise would not be able to reach.

A Rapid7 research project has been undertaken to expose vulnerabilities and misconfigurations in public internet spaces. The Rapid7 ‘Heisenberg Cloud’ combines scan data from Heisenberg and Project Sonar.

Princeton University, Google and several other institutions have developed a program that detects and stops bad actors who register domain names for malicious purposes. Details of the new system, Proactive Recognition and Elimination of Domain Abuse at Time of Registration, were presented at the ACM conference last week.

Web-based contract cyber criminals, whose services are known as “booter” or “stresser” attacks, may soon be prevented from engaging in further nefarious activities. German researchers have studied the patterns that emerge when malicious actors mass-scan the internet in search of website weaknesses or launch DDoS attacks.

“Flaws could be exploited to upload a backdoor to vulnerable websites”

Fewer than 24 hours after a new patch was made available to fix serious flaws in Joomla websites, researchers had already witnessed several events in which bad actors escalated privileges and created access points allowing remote execution of commands. The two most critical concerns, CVE-2016-8869 and CVE-2016-8870, are now patched; they could allow a hacker well versed in their trade to plant a serious backdoor.

The Chinese Parliament has now readied its third draft of a widely criticized new law that will officially codify the restrictions it has placed on the internet within its own borders. The bill will be presented for a vote on the seventh of this month, and is met with vast opposition from many sectors of society, which claim that its inherent vagueness would allow arbitrary discrimination against foreign firms.

China-based electronic component manufacturer Hangzhou Xiongmai Technologies has conceded that hackers used its products to conduct a massive cyberattack on several substantial United States-headquartered internet sites. The firm is mostly known for its internet-connected DVRs and cameras, and weak default passwords left unchanged by users are noted as a major contributing factor to their vulnerability. Security researchers have claimed that the notorious Mirai malware has been infiltrating these devices and using them as a jumping-off point for Friday’s DDoS attack.

Friday saw a massive DDoS attack, which commentators have said led to the internet ‘breaking’ for several hours during the early part of the day. Vital corporate applications and business functions were disrupted and big-name sites were unusable, causing public outrage and losses for firms. Dyn going offline took down its DNS service, the component that allows users to find sites without directly entering the IP address.

Tech support scammers have added a new weapon to the cybercriminal bag of tools, now utilizing fake ‘Severe Warning’ notifications and blue screens of death on Windows devices. Hicurdismos, the nickname given to this new malware, disables Task Manager and hides the cursor to deceive the user, prompts the user to call a bogus call center, and tricks users into giving up sensitive information the scammer will exploit for profit.

The attacks we got a taste of on Friday were bad, but experts are saying these disruptions will grow in intensity and probably become more frequent. This is because hackers are selling access to hacked IoT devices, giving their customers the ability to launch attacks comparable to or potentially bigger than what the world has already witnessed. Early October also saw cybercriminals advertise a botnet for sale on an underground market forum, a trend that until recently had been quite uncommon. Seeing a malware program of that caliber for sale has researchers predicting a growth in its usage and in security concerns in the future.

10Fold Content Newsletter
